OWASP - User contributions [en]

User:Subhasis

2012-10-01T03:30:04Z

Subhasis:

'''Introduction'''

7 years of experience in Web Application Penetration Testing and Vulnerability Assessment, System & Network Layers Security Assessment, PCI Compliance Review and Assessment, CITRIX API and Client-Server Architecture Based Application Assessment, SAS 70 Audit, Android/iOS Mobile Application Assessments, Conduct App-Sec Training & OWASP Awareness Classes.

'''Added Technical Skills'''

•Develop test strategy and test plan documents with details of the test environments, test exclusions, interfaces, and test conditions for certification and application hosting.

•Work closely with developers, client head and other team members if present throughout the audit executing test iterations, tracking / reporting results, troubleshooting and coordinating defect resolution.

•Research and development in all aspects of information security application engineering with responsibility to assess and mitigate system security threat/risk throughout the program life cycle; define and validate application security requirements definition and analysis; implement secure systems.

•Provide leadership and security subject matter expertise in support of all business applications, databases and Web-based software including custom application and third party vendor software databases.

Subhasis Choudhury

mailto:subhasis.choudhury@owasp.org

User:Subhasis

2012-10-01T03:25:49Z

Subhasis:

User:Subhasis

2012-10-01T03:21:47Z

Subhasis:

User:Subhasis

2012-10-01T03:14:05Z

Subhasis:

User:Subhasis

2012-05-17T05:57:40Z

Subhasis:

7 years of experience in Web Application Security Audit, Source Code Review, Report Writing, Developing New Security Test Case and Providing Code Level Solutions to Developers.Also in Network Penetration Testing & Vulnerability Assessment, Security Reviews on Network Infrastructure Components , Selection, Implementation and Maintenance of Security software, Audit using automated Web Application Security Scanner and Report Analysis.

Specialties

Web Application Security Assessment, Network Penetration Testing & Vulnerability Assessment, Source Code Review, Root Cause Analysis, Developing New Security Templates

OWASP Security Blitz

2012-05-17T03:26:26Z

Subhasis:

=About=
OWASP is starting a monthly security blitz where we will rally the security community around a particular topic. The topic may be a vulnerability, defensive design approach, technology or even a methodology. All members of the security community are encouraged to write blog posts, articles, patches to tools, videos etc in the spirit of the current monthly topic. Our goal is to show a variety of perspectives on the topic from the different perspectives of builders, breakers and defenders.

=How Can You Help?=
==Individual Experts==
As an individual please create material on the monthly security topic. If you have recently created material that is relevant to the month at hand then please link it in the section below. As mentioned above, the goal is to have a variety of perspectives (builder, breaker, defender, policy, etc) and types of content (tools, docs, videos, code patches, etc)

==Companies / Organizations / Universitites==
Please consider launching an internal awareness program to coincide with the security blitz. This will allow all of us to pool resources and maximize the impact of each month's topic.

=Monthly Security Topics=
* 2012 - [https://www.owasp.org/index.php/OWASP_Security_Blitz#April_-_SQL_Injection April - SQL Injection]
* 2012 - [https://www.owasp.org/index.php/OWASP_Security_Blitz#May_-_Cross_Site_Scripting May - Cross Site Scripting]
* 2012 - June - Access Control
* 2012 - July - Mobile Security
* 2012 - August - Threat Modeling

== Articles/Contributions/Updates==
Please add links to any stories, posts, articles, etc that are related to the current month

===April - SQL Injection===
# [https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet OWASP Parameterization Cheat Sheet]
# [http://thepowerofapostrophe.blogspot.in/ The Power of the Apostrophe blog] (funny)
# [https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet OWASP SQL Injection Cheat Sheet]

===May - Cross Site Scripting===
# [https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet OWASP XSS Prevention Cheat Sheet] (Builder)
# [http://ha.ckers.org/xss.html XSS cheat sheet] (Breaker)
# [https://developer.mozilla.org/en/Introducing_Content_Security_Policy Content Security Policy] (Builder)
# [https://www.owasp.org/index.php/DOM_Based_XSS Dom Based XSS]
# [https://www.owasp.org/index.php?title=DOM_based_XSS_Prevention_Cheat_Sheet Dom Based XSS Prevention Cheat Sheet] (Builder)
# [https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series AppSec Tutorial Project - Cross Site Scripting] ([http://www.youtube.com/watch?v=_Z9RQSnf8-g Video Link])
# [http://labs.neohapsis.com/2012/04/25/abusing-password-managers-with-xss/ Abusing Password Managers with XSS] (Breaker)
# [http://labs.neohapsis.com/2012/04/19/xss-shortening-cheatsheet/ XSS Shortening Cheat Sheet] (Breaker)